public inbox for [email protected]help / color / mirror / Atom feed
[Patch] Bug #5836 - LDAP auth - Case Sensitive 3+ messages / 3 participants [nested] [flat]
* [Patch] Bug #5836 - LDAP auth - Case Sensitive @ 2022-03-29 07:27 Yogesh Mahajan <[email protected]> 0 siblings, 1 reply; 3+ messages in thread From: Yogesh Mahajan @ 2022-03-29 07:27 UTC (permalink / raw) To: pgadmin-hackers Hello, Attached patch adds a new ldap authentication configuration parameter which indicates case sensitivity of the ldap schema/server. Thanks, Yogesh Mahajan EnterpriseDB Attachments: [application/x-patch] RM_5836_v1.patch (5.0K, 3-RM_5836_v1.patch) download | inline diff: diff --git a/docs/en_US/ldap.rst b/docs/en_US/ldap.rst index 16cfb3fcf..371ba2394 100644 --- a/docs/en_US/ldap.rst +++ b/docs/en_US/ldap.rst @@ -73,17 +73,19 @@ There are 3 ways to configure LDAP: limits the search to the base object. A *level* search is restricted to the immediate children of a base object, but excludes the base object itself. A *subtree* search includes all child objects as well as the base object." + "LDAP_DN_CASE_SENSITIVE", "Indicates whether the DN (Distinguished Names) are case sensitive or not. + Possible values are True or False. By default is set to False." "LDAP_USE_STARTTLS","Specifies if you want to use Transport Layer Security (TLS) for secure communication between LDAP clients and LDAP servers. If you specify the connection protocol in *LDAP_SERVER_URI* as *ldaps*, this parameter is ignored." "LDAP_CA_CERT_FILE","Specifies the path to the trusted CA certificate file. This - parameter is applicable only if you are using *ldaps* as connection protocol and + parameter is applicable only if you are using *ldaps* as connection protocol or you have set *LDAP_USE_STARTTLS* parameter to *True*." "LDAP_CERT_FILE","Specifies the path to the server certificate file. This parameter - is applicable only if you are using *ldaps* as connection protocol and you have + is applicable only if you are using *ldaps* as connection protocol or you have set *LDAP_USE_STARTTLS* parameter to *True*." "LDAP_KEY_FILE","Specifies the path to the server private key file. This parameter - is applicable only if you are using *ldaps* as connection protocol and you have + is applicable only if you are using *ldaps* as connection protocol or you have set *LDAP_USE_STARTTLS* parameter to *True*." "**Bind as pgAdmin user**" "LDAP_BASE_DN","Specifies the base DN from where a server will start the search diff --git a/web/config.py b/web/config.py index f75f97130..af375e235 100644 --- a/web/config.py +++ b/web/config.py @@ -649,6 +649,10 @@ LDAP_BASE_DN = '<Base-DN>' # It can be optional while bind as pgAdmin user LDAP_SEARCH_BASE_DN = '<Search-Base-DN>' +# The LDAP attribute indicates whether the DN (Distinguished Names) +# are case sensitive or not +LDAP_DN_CASE_SENSITIVE = False + # Filter string for the user search. # For OpenLDAP, '(cn=*)' may well be enough. # For AD, you might use '(objectClass=user)' (REQUIRED) diff --git a/web/pgadmin/authenticate/ldap.py b/web/pgadmin/authenticate/ldap.py index c1d6fea65..2c022caef 100644 --- a/web/pgadmin/authenticate/ldap.py +++ b/web/pgadmin/authenticate/ldap.py @@ -24,7 +24,8 @@ from pgadmin.model import User, ServerGroup, db, Role from flask import current_app from pgadmin.tools.user_management import create_user from pgadmin.utils.constants import LDAP - +from sqlalchemy import func +from flask_security import login_user ERROR_SEARCHING_LDAP_DIRECTORY = gettext( "Error searching the LDAP directory: {}") @@ -133,7 +134,8 @@ class LDAPAuthentication(BaseAuthentication): except LDAPBindError as e: current_app.logger.exception( "Error binding to the LDAP server.") - return False, gettext("Error binding to the LDAP server.") + return False, gettext("Error binding to the LDAP server: {}\n". + format(e.args[0])) except LDAPStartTLSError as e: current_app.logger.exception( "Error starting TLS: {}\n".format(e)) @@ -146,11 +148,38 @@ class LDAPAuthentication(BaseAuthentication): return True, None + def login(self, form): + user = getattr(form, 'user', None) + if user is None: + if config.LDAP_DN_CASE_SENSITIVE: + user = User.query.filter_by(username=self.username).first() + else: + user = User.query.filter( + func.lower(User.username) == func.lower( + self.username)).first() + + if user is None: + current_app.logger.exception( + self.messages('USER_DOES_NOT_EXIST')) + return False, self.messages('USER_DOES_NOT_EXIST') + + # Login user through flask_security + status = login_user(user) + if not status: + current_app.logger.exception(self.messages('LOGIN_FAILED')) + return False, self.messages('LOGIN_FAILED') + return True, None + def __auto_create_user(self, user_email): """Add the ldap user to the internal SQLite database.""" if config.LDAP_AUTO_CREATE_USER: - user = User.query.filter_by( - username=self.username).first() + if config.LDAP_DN_CASE_SENSITIVE: + user = User.query.filter_by(username=self.username).first() + else: + user = User.query.filter( + func.lower(User.username) == func.lower( + self.username)).first() + if user is None: return create_user({ 'username': self.username, ^ permalink raw reply [nested|flat] 3+ messages in thread
* Re: [Patch] Bug #5836 - LDAP auth - Case Sensitive @ 2022-03-29 09:00 Khushboo Vashi <[email protected]> parent: Yogesh Mahajan <[email protected]> 0 siblings, 1 reply; 3+ messages in thread From: Khushboo Vashi @ 2022-03-29 09:00 UTC (permalink / raw) To: Yogesh Mahajan <[email protected]>; +Cc: pgadmin-hackers I have done the code review and it looks good to me. On Tue, Mar 29, 2022 at 12:58 PM Yogesh Mahajan < [email protected]> wrote: > Hello, > > Attached patch adds a new ldap authentication configuration parameter > which indicates case sensitivity of the ldap schema/server. > > > Thanks, > Yogesh Mahajan > EnterpriseDB > ^ permalink raw reply [nested|flat] 3+ messages in thread
* Re: [Patch] Bug #5836 - LDAP auth - Case Sensitive @ 2022-03-29 09:29 Akshay Joshi <[email protected]> parent: Khushboo Vashi <[email protected]> 0 siblings, 0 replies; 3+ messages in thread From: Akshay Joshi @ 2022-03-29 09:29 UTC (permalink / raw) To: Khushboo Vashi <[email protected]>; +Cc: Yogesh Mahajan <[email protected]>; pgadmin-hackers Thanks, the patch applied. On Tue, Mar 29, 2022 at 2:30 PM Khushboo Vashi < [email protected]> wrote: > I have done the code review and it looks good to me. > > On Tue, Mar 29, 2022 at 12:58 PM Yogesh Mahajan < > [email protected]> wrote: > >> Hello, >> >> Attached patch adds a new ldap authentication configuration parameter >> which indicates case sensitivity of the ldap schema/server. >> >> >> Thanks, >> Yogesh Mahajan >> EnterpriseDB >> > -- *Thanks & Regards* *Akshay Joshi* *pgAdmin Hacker | Principal Software Architect* *EDB Postgres <http://edbpostgres.com>* *Mobile: +91 976-788-8246* ^ permalink raw reply [nested|flat] 3+ messages in thread
end of thread, other threads:[~2022-03-29 09:29 UTC | newest] Thread overview: 3+ messages (download: mbox mbox.gz follow: Atom feed) -- links below jump to the message on this page -- 2022-03-29 07:27 [Patch] Bug #5836 - LDAP auth - Case Sensitive Yogesh Mahajan <[email protected]> 2022-03-29 09:00 ` Khushboo Vashi <[email protected]> 2022-03-29 09:29 ` Akshay Joshi <[email protected]>
This inbox is served by agora; see mirroring instructions for how to clone and mirror all data and code used for this inbox